Unix groups are used to share files with other users at the University. By default all users at Bath with an account have storage space allocated to them on the central fileserver - their home directory or H drive. Access to your home directory is via the H:\ drive on campus workstations, PCs, Public Access PCs etc or by logging into one of our general purpose Unix machines.
Everyone is a member of at least one group - their default group. Each file or directory on the central fileserver is associated with one group. This is usually referred to as group membership and group ownerships, respectively. That is, users are in groups and files are owned by a group.
Groups are used for general file sharing - if you are in the same group you have the ability to share files with other members of the group. A common use of groups at Bath is to provide write access to departmental web pages.
As mentioned above - all users are a member of one group, their default group, however you can be a member of up to 16 groups in total.
Managing groups requires some action by the user. Groups can be submitted for creation by using the form on the right. Submissions need to be approved before they take effect on the main systems. If you submit a group creation request you will be the administrator of the group. If you don't want this responsibility don't create the group. Groups other than default groups can be managed via a simple web interface. Login and you will be presented with the groups you are an administrator for and the groups you are a member of. Your default group is excluded from this list.
File and directory ownership
All files or directories are owned by the user creating them. In addition to being owned by a user, each file or directory is also owned by a group. It is important to have group ownership correct, if you ever want to share files with your group. This is especially important if a number of people are responsible for the content of a particular file or group of files such as departmental web files. It is important to note that group ownership does not imply group access, you must set the file access permissions so your group can use the files. Permissions can be set to restrict the type of access that group members have to your directories and files. You can use different Unix groups to share files with separate sets of users.
File and directory permissions
Just setting up a file to be owned by a group does not give your group any access to the file. Granting and limiting access is done by setting the permission modes. You can see the permission modes as a set of 10 letters or dashes in the long listing of a file or directory using the
ls -l command
Unix commands for working with Groups
ls -l- list file permissions
chmod- change the permissions mode of a file eg -
chmod 755 <filename>
chgrp- change file group ownership eg -
chgrp <groupname> <filename>
groups- print group memberships
See also - basic Unix commands
groups command to see which groups you belong to:
amos [~] $ groups ccs info-cc bath05
The first group which is listed is your default group. This may be the only group you are a member of.
ls command to list the files in a directory
amos [~] $ > ls -l drwxr-xr-x 2 abc123 bath05 512 Dec 4 2002 Desktop drwxr-xr-x 2 abc123 bath05 512 Jul 23 2003 Libproxy -rwxr--r-- 1 abc123 info-cc 179712 May 18 2004 Log book.doc drwxr-xr-x 3 abc123 bath05 512 Nov 9 2004 Macromedia drwx------ 2 abc123 bath05 512 May 20 1998 Mail -rw------- 1 abc123 bath05 37207 Aug 23 2000 Mailbox drwxr-xr-x 2 abc123 bath05 512 Apr 22 16:55 New Folder -rwxr--r-- 1 abc123 bath05 600 Sep 29 13:43 PUTTY.RND drwx------ 4 abc123 bath05 512 Oct 6 2004 Profiles_Do_Not_Delete
The permissions, owners and groups associated with the files are shown using this command.
chmod command to set permission modes for selected directories and files. In general, you need to set at least read and execute permissions for the directories and read permissions for the files.
The command syntax to enable all members of a group to read some file is:
chmod g+r filename
where filename is the name of the file you want to share. The file is now readable to the group associated with the file filename.
You can recurse this to to make sure a directory and all its files and sub-directories are owned by the correct group.
chmod -R g+r dirname
dirname is the name of the directory that contains the files you want to share.
chmod command can also be used to allow members of a group to put files in a directory. The owner of the directory can open a directory for shared writing with the command:
chmod g=swrx dirname
dirname is the name of the directory you want to members of your group to create files in. The "s" is the group set-ID setting, which means all new files in this group will be owner by the user putting them there, but the group ownership will be set to match the group of the directory, not the current group of the owner. This is the recommended way to keep all the group ownerships correct.
chgrp command to change group ownership of a directory or file. You need to use this command to share files with users who are in the same UNIX group as you, when that group is not your primary group.
chgrp groupname filename
where groupname is the name of the group with which you would like to share a file named
chmod command determines the type of access that group members may have to a file or directory, the
chgrp command determines which group may access that file or directory.
In all cases the man commands are essential reading for all these commands:
- man ls
- man chown
- man chgrp